Subscription

Hi all,
Our security team is actively investigating an issue where some users are receiving emails from Evernote indicating notes have failed to be emailed from their account. It looks like this may have happened to accounts that utilize the same password on multiple websites. If you believe your account has been accessed by someone else, we suggest you do the following:
1. Change your password immediately. Choose a unique password that you don’t use on another website.
2. Review the list of Authorized Applications for your account. Revoke access to any applications that you are suspicious of or that accessed your account from an IP address you don’t know.
3. Set up two-step verification on your account as an additional layer of security.
Lastly, be sure to never share your account login with anyone else.

I received a highly suspicious Phising email this morning. It claimed passwords needed to be reset. DO NOT CLICK ANY LINKS IN THAT EMAIL! (If you fully read the email, you'll note that it was a direct copy from an existing Evernote email, where they specifically warn you to NEVER CLICK A LINK IN AN EMAIL. The attacker had then modified the email to insert links well above the warning that they didn't even read.) If you hover over a link you'll notice it redirects to a non-evernote web site. It then asks you to ENTER YOUR CURRENT PASSWORD. If you have entered your password, you should consider yourself compromised. Had this been a serious alert from Evernote, you would have been instructed to visit Evernote from your Bookmarks, or enter it directly. At that point you should have seen a link to reset your password via email. Remember people, NEVER BLINDLY TRUST AN EMAIL. They are easily forged and companies already have established policies to verify your identity through established email accounts. You may wish to reset your password immediately, especially if you have clicked a link in the aforementioned email.

I've been getting a lot of obviously inappropriate new topic notifications recently. Most of them are about either movies, tv shows, or escort services. Had over 10 of these last night, and it seems to have been going on for months. So, it makes me wonder: Has the Evernote Forum been hacked?

Hi everyone, Some bad news for me and some of your trying to recover lost notes. I had a days worth of unsynced notes on the my iPhone which were deleted when the password reset was activated. After dealing with premium support for several days this is the message I received today: I'm not happy with this at all and as a paying customer I will be seeking redress. What is clear now is that Evernote for no reason what-so-ever remote wiped Evernote on user's iPhone with no warning or notification to allow users to copy their data. I would not have minded having to copy-paste unsynced notes across before resetting the account but no opportunity was given. I feel extra sorry for those who have never synced their notes... deleting users data is just the worse thing Evernote could have ever done.

I live in Evernote. Evernote is mission-critical to my business. Here's how they should have handled this situation: Send out an email to their 45M users before they configure the client to pop up a "change password" message. Maybe not everyone will have read that email before they use Evernote but at least Evernote will have made an attempt at warning them. The client message should say that the user needs to change their Evernote account password. It should not display the email address associated with their Evernote account with the wording "Your password seems to have changed...". That message is completely inaccurate and confusing to the ordinary user.

On a very consistent basis I get an email request to confirm my password change, even though I didn't request one. I understand that this may be cause by someone mis-typing their own account username, but my username is NOT common, and these password change requests are coming too often and too regularly. Makes me think someone is trying to hack my account. Makes me think my Evernote data is at risk. Is Evernote aware of this, and are they doing anything to combat hackers?